LogDevice is capable of recording data regardless of hardware or network issues. If something breaks, it will simply hand off the task of collecting logs. And when everything turns back on, LogDevice can restore records at between five and ten gigabytes per second.

LinkedIn, well known inside the development community for its innovation, is probably most famous for its development of Kafka, an open-source stream processing platform that provides a unified, high-throughput, low-latency platform for handling real-time data feeds.

Flock has set its sights on disrupting a segment where Slack and Microsoft have staked out claims, said Neha Dharia, a senior analyst at Ovum Ltd and its global specialist tracking business collaboration and communication products. Flock’s monthly charges are $3 per user for its premium version while Slack’s per-user charges start from $6.67, according to its website. Both offer a free plan.

Today, August 31st 2017, WikiLeaks publishes documents from the Angelfire project of the CIA. Angelfire is an implant comprised of five components: Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS, and the Windows Transitory File system. Like previously published CIA projects (Grasshopper and AfterMidnight) in the Vault7 series, it is a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7).

Solartime modifies the partition boot sector so that when Windows loads boot time device drivers, it also loads and executes the Wolfcreek implant, which, once executed, can load and run other Angelfire implants. According to the documents, the loading of additional implants creates memory leaks that can possibly be detected on infected machines.

Keystone is part of the Wolfcreek implant and responsible for starting malicious user applications. Loaded implants never touch the file system, so there is very little forensic evidence that the process was ever run. It always disguises as "C:\Windows\system32\svchost.exe" and can thus be detected in the Windows task manager, if the operating system is installed on another partition or in a different path.

BadMFS is a library that implements a covert file system that is created at the end of the active partition (or in a file on disk in later versions). It is used to store all drivers and implants that Wolfcreek will start. All files are both encrypted and obfuscated to avoid string or PE header scanning. Some versions of BadMFS can be detected because the reference to the covert file system is stored in a file named "zf".

The Windows Transitory File system is the new method of installing AngelFire. Rather than lay independent components on disk, the system allows an operator to create transitory files for specific actions including installation, adding files to AngelFire, removing files from AngelFire, etc. Transitory files are added to the 'UserInstallApp'.

On Aug. 23, Microsoft released Windows 10 Fall Creators Update Build 16273. This late beta doesn’t introduce new features. It’s all about stabilizing the next Windows 10 update before releasing it to the public. In short, it’s a bug-fix version — with a twist. While Microsoft tells us which bugs have been fixed in this build, it doesn’t say anything about new bugs, or old bugs that haven’t been fixed.

The company developed Kafka, an open source message streaming tool to help make it easier to move massive amounts of data around a network from application to application. It has become so essential today that LinkedIn has dedicated 1800 servers moving over 2 trillion transactions per day through Kafka, Jiangjie Qin, lead software engineer on the Cruise Control project told TechCrunch.

There have been various controversies with Windows 10, from issues with privacy and telemetry, to ads and forced upgrades. Following a court case, Microsoft has vowed to never force upgrade files onto users again.

Windows users in Germany were particularly unimpressed when Microsoft forcibly downloaded many gigabytes of files to upgrade from Windows 7 and 8 to Windows 10. Having held out for 18 months, and losing its case twice, Microsoft has finally agreed to stop its nefarious tactics.

During the ‘free upgrade’ period of Microsoft's Windows 10 rollout and subsequent updates, the company was heavily criticised for downloading large amounts of data to users' machines without permission, or even an acknowledgement that the upgrade was wanted.

The production release of the Oracle Database Programming Interface for C (ODPI-C), which gives more streamlined access to C and C++ developers to Oracle Database, has been launched on GitHub.

The open-source wrapper is aimed primarily at language interface developers, allowing users to quickly call more common features of the Oracle Call Interface (OCI), the main C API for Oracle Database. But the company says that its conciseness makes it a flexible and accessible tool.

Imagine I'm working on the front line of an open organization, and I'm committed to following principles like transparency, inclusivity, adaptability, collaboration, community, accountability, and commitment to guide that front-line work. A huge problem comes up. My fellow front-line workers and I can't handle it on our own, so we discuss the problem and decide that one of us has to take it to top management. I'm selected to do that.

When I do, I learn there is nothing we can do about the problem within the company. So management decides to let me present the issue to outside individuals who can help us.

In my search for the expertise required to fix the problem, I learned that no single individual has that expertise—and that we must find an outside, skilled partner (company) to help us address the issue.

On the blog of IcedTea release manager Andrew Hughes (aka GNU/Andrew) you can find the announcement for IcedTea 2.6.11 which builds OpenJDK 7u151_b01. This release includes the official July 2017 security fixes for Java 7. Note that the security updates for Java 8 were already pushed to my repository some time ago.

Miscreants are using various techniques, including the leaked NSA EternalBlue exploit also wielded by the WannaCry malware, to hack into laptops and other devices used by government and business travelers, FireEye researchers declared on Friday.

Cyber security vendor Kaspersky Lab has dropped its anti-trust actions against Microsoft after the latter agreed to make changes to address the concerns the former had raised in its plaints to Russian, German and European Commission authorities.

Today, August 3rd 2017, WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.

Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.

Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. 64bit Windows XP, or Windows versions prior to XP are not supported.

More in Tux Machines

Linux: To recurse or not

Linux and recursion are on very good speaking terms. In fact, a number of Linux commands recurse without ever being asked while others have to be coaxed with just the right option. When is recursion most helpful and how can you use it to make your tasks easier? Let’s run through some useful examples and see.

today's leftovers

MX Linux Review of MX-17. MX-17 is a cooperative venture between the antiX and former MEPIS Linux communities. It’s XFCE based, lightning fast, comes with both 32 and 64-bit CPU support…and the tools. Oh man, the tools available in this distro are both reminders of Mepis past and current tech found in modern distros.

Samsung stopped the distribution of the Android 8.0 Oreo operating system update for its Galaxy S8 and S8+ smartphones due to unexpected reboots reported by several users.
SamMobile reported the other day that Samsung halted all Android 8.0 Oreo rollouts for its Galaxy S8/S8+ series of Android smartphones after approximately a week since the initial release. But only today Samsung published a statement to inform users why it stopped the rollouts, and the cause appears to be related to a limited number of cases of unexpected reboots after installing the update.

The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.

A few days back I reported on Intel Icelake patches for the i965 Mesa driver in bringing up the OpenGL support now that several kernel patch series have been published for enabling these "Gen 11" graphics within the Direct Rendering Manager driver. This Icelake support has been quick to materialize even with Cannonlake hardware not yet being available.

Introduced as part of LunarG's recent Vulkan SDK update is the VLF, the Vulkan Layer Factory.
The Vulkan Layer Factory aims to make creating Vulkan layers easier by taking care of a lot of the boilerplate code for dealing with the initialization, etc. This framework also provides for "interceptor objects" for overriding functions pre/post API calls for Vulkan entry points of interest.